CN106936803B - Two-dimensional code scanning authentication login method and related device - Google Patents
Two-dimensional code scanning authentication login method and related device Download PDFInfo
- Publication number
- CN106936803B CN106936803B CN201511031980.2A CN201511031980A CN106936803B CN 106936803 B CN106936803 B CN 106936803B CN 201511031980 A CN201511031980 A CN 201511031980A CN 106936803 B CN106936803 B CN 106936803B
- Authority
- CN
- China
- Prior art keywords
- client
- login
- information
- target system
- binding information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The embodiment of the invention aims to provide a two-dimensional code scanning authentication login method and a related device. In the embodiment of the invention, after the second client (mobile client) passes the login authentication of the target system, the two-dimensional code is scanned, the information in the two-dimensional code is extracted to generate the binding information, the binding information is sent to the target system through the security platform to perform the login processing of the first client, and the quick login of the first client can be realized through the interaction. Meanwhile, the security platform is added to serve as a link between the mobile device and the server, interaction between the mobile terminal and the server needs to pass through the security forwarding platform, and interaction between the mobile terminal and the server cannot be carried out directly, so that the server can be prevented from being exposed in an external network environment, and attacks on the server are reduced. Meanwhile, the security platform encrypts the request information for fast scanning login, so that potential safety hazards such as brute force attack and intrusion on the verification system after the scanning code is intercepted by an extranet person can be prevented.
Description
Technical Field
The invention relates to the field of computers, in particular to a two-dimensional code scanning authentication login method and a related device.
Background
With the rise of smart phones, more and more internet technologies are applied to the smart phones, and two-dimensional codes are also rising along with the smart phones and widely applied to various fields and industries. The user can analyze the two-dimensional code through the two-dimensional code scanning technology, so that the effects of quickly and simply accessing the network and the application are achieved.
For example, a user can log in a network through the mobile terminal by firstly authenticating and then scanning the two-dimensional code displayed by the computer client, so that the login can be conveniently and quickly realized, and the manual information input during the network application login is reduced.
However, in the existing two-dimensional code fast login technology, a mobile phone end and a server end need to exchange data, so that the server needs to be accessible to an external network, and a security risk exists when the server is exposed to the external network.
Disclosure of Invention
The embodiment of the invention aims to provide a two-dimensional code scanning authentication login method and a related device so as to improve network security.
In order to achieve the purpose, the invention provides the following scheme:
a two-dimensional code scanning authentication login method comprises the following steps:
the second client which passes the target system login authentication scans the two-dimensional code which is displayed by the first client and contains the user identification UID; the two-dimension code is generated by the target system when the first client accesses the target system and is returned to the first client, and the two-dimension code is displayed in a two-dimension code display area of a system login interface by the first client; the second client is a mobile client;
after judging that the two-dimensional code is valid, the second client extracts the UID in the two-dimensional code;
the second client generates binding information, wherein the binding information comprises the UID and prestored user login information;
the second client sends the binding information to a security platform so that the security platform can encrypt the binding information and forward the binding information to the target system, and after the target system decrypts the received binding information, the target system uses the decrypted binding information to perform login processing of the first client and returns login authentication result information;
and the second client receives login authentication result information forwarded by the security platform and from the target system, and prompts according to the login authentication result information.
Preferably, before scanning the two-dimensional code, the method further includes: and the second client performs login authentication aiming at the target system.
Preferably, the second client performing login authentication for the target system includes: the second client receives and stores the account number and the password input by the user; the second client sends login authentication information to the target system through the security platform so that the target system can perform login authentication aiming at the second client and return second login authentication result information; the login authentication information comprises an account number, a password and an IMEI; the second client receives second login authentication result information from the target system forwarded by the security platform; if the login authentication is successful, the second login authentication result information comprises information representing successful login authentication and login session information; the user login information in the binding information comprises the login session information; when the second login authentication result information comprises information representing successful login authentication, the second client prompts to set a graphic password; and the second client receives the graphical password information input by the user and sends the graphical password information to the target system through the security platform.
Preferably, after the second client scans the two-dimensional code and before generating the binding information, the method further includes:
the second client prompts a user to input a graphical password; the second client receives the graphical password input by the user and verifies whether the graphical password input by the user is consistent with the pre-stored graphical password information; and if the graphical password input by the user is consistent with the pre-stored graphical password information, the second client triggers and executes the step of generating the binding information.
Preferably, the method further comprises the following steps: after the target system is logged in and authenticated, the second client sends a user behavior request to the target system in a heartbeat mode; and the user behavior request is used for updating the mobile phone operation time by the target system.
Preferably, the method further comprises the following steps: the second client receives a notification message which is from the target system and is forwarded through the security platform, wherein the notification message is used for indicating the second client to jump to a graph unlocking page; the notification message is sent by the target system after the operation time of the mobile phone is overtime; the second client jumps to a graph unlocking page; the second client receives the graphical password input by the user and sends the graphical password to the target system through the security platform, so that the target system can verify whether the graphical password input by the user is consistent with the pre-stored graphical password information, and if so, the second client skips to a system home page and updates the mobile phone operation time; and if not, logging out the login authentication of the second client, and informing the second client that the login authentication is invalid.
A two-dimensional code scanning authentication login method comprises the following steps:
the target system generates and returns a two-dimensional code containing a user identification UID when a first client accesses the target system, so that the first client can conveniently display the two-dimensional code in a two-dimensional code display area of a system login interface;
the target system receives binding information, wherein the binding information is generated by a second client which passes login authentication and is encrypted and forwarded by a security platform, and the binding information comprises the UID and user login information prestored by the second client; the second client is a mobile client;
the target system decrypts the binding information, uses the decrypted binding information to perform login processing on the first client, and returns login authentication result information to the security platform, and the login authentication result information is forwarded to the second client through the security platform, so that the second client can prompt according to the login authentication result information.
Preferably, the user login information in the binding information includes login session information, and the login session information is returned to the second client by the target system through login authentication of the target system at the second client.
Preferably, after the login authentication of the second client is successful, the method further includes: and the target system initializes the user authority corresponding to the account.
Preferably, if the login authentication of the first client is successful, the method further includes: and the target system binds the initialized user authority with the account number and enters a system home page.
Preferably, the method further comprises the following steps: the target system records the operation time of the mobile phone; the target system receives a user behavior request which is from the second client and forwarded by the security platform, wherein the user behavior request is in a heartbeat form; the target system updates the mobile phone operation time according to the user behavior request; if the mobile phone operation time is overtime, the target system sends a notification message to the second client, and the notification message is used for indicating the second client to jump to a graph unlocking page; the target system receives the graphic password forwarded by the security platform and from the second client; the target system verifies whether the received graphic password is consistent with the prestored graphic password information, and if so, jumps to a system home page and updates the mobile phone operation time; and if not, logging out the login authentication of the second client, and informing the second client that the login authentication is invalid.
Preferably, the method further comprises the following steps: and the target system performs log recording.
The utility model provides a mobile client, includes swift login module, two-dimensional code scanning module and two-dimensional code verification module, wherein:
the two-dimensional code scanning module is used for: after the mobile client passes the login authentication of a target system, scanning a two-dimensional code which is displayed by a first client and contains a User Identification (UID), and outputting the two-dimensional code to the two-dimensional code verification module; the two-dimensional code is generated by the target system when the first client accesses the target system and is returned to the first client;
the two-dimensional code verification module is used for judging whether the two-dimensional code output by the two-dimensional code scanning module is valid or not, and extracting the UID in the two-dimensional code after the two-dimensional code is judged to be valid;
the quick login module is used for:
generating binding information, wherein the binding information comprises the UID and prestored user login information;
sending the binding information to a security platform; the security platform encrypts the binding information and sends the encrypted binding information to the target system, and the target system decrypts the received binding information, uses the decrypted binding information to perform login processing of the first client and returns login authentication result information;
and receiving login authentication result information forwarded by the security platform from the target system, and prompting according to the login authentication result information.
Preferably, the method further comprises the following steps: the behavior heartbeat sensing module is used for sending a user behavior request to the target system in a heartbeat mode; and the user behavior request is used for updating the mobile phone operation time by the target system.
Preferably, the quick login module is further configured to: receiving a notification message from the target system and forwarded by the security platform, wherein the notification message is used for indicating to jump to a graphical unlocking page; the notification message is sent by the target system after the operation time of the mobile phone is overtime; skipping to a graphic unlocking page; receiving a graphic password input by a user, and sending the graphic password to the target system through the security platform so that the target system can verify whether the graphic password input by the user is consistent with the pre-stored graphic password information, and if so, jumping to a system home page and updating the mobile phone operation time; and if not, logging out the login authentication of the second client, and informing the second client that the login authentication is invalid.
A safety platform comprises a first receiving module, a second receiving module, a first forwarding module and a second forwarding module, wherein:
the first receiving module is used for receiving the binding information sent by the mobile client and outputting the binding information to the encryption forwarding module; the binding information comprises UID and user login information; the UID is extracted from the scanned two-dimensional code by scanning the two-dimensional code displayed by the first client after the mobile client passes the login authentication of the target system; the two-dimensional code is generated by the target system when the first client accesses the target system and is returned to the first client;
the first forwarding module is configured to:
encrypting the binding information, and forwarding the encrypted binding information to the target system, so that the target system decrypts the received binding information, performs login processing of the first client by using the decrypted binding information, and returns login authentication result information;
the second receiving module is used for receiving login authentication result information returned by the target system and outputting the login authentication result information to the second forwarding module;
and the second forwarding module is used for forwarding the login authentication result information to the mobile client.
A server includes a two-dimensional code generator and a login information receiving processor, wherein,
the two-dimensional code generator is used for: when a first client accesses, generating a two-dimensional code containing a user identification UID;
the login information receiving processor is configured to:
returning the two-dimension code to the first client;
receiving binding information, wherein the binding information is generated by a second client which passes login authentication and is encrypted and forwarded by a security platform, and the binding information comprises the UID and user login information prestored by the second client; the second client is a mobile client;
decrypting the binding information;
and performing login processing on the first client by using the decrypted binding information, and returning login authentication result information to the security platform, wherein the login authentication result information is forwarded to the second client through the security platform, and the second client prompts according to the login authentication result information.
In the embodiment of the invention, after the second client (mobile client) passes the target system login authentication, the two-dimensional code (generated by the target system) displayed on the system login interface of the first client is scanned, the information in the two-dimensional code is extracted to generate the binding information and is sent to the security platform, the binding information is forwarded to the target system by the security platform, and the target system can use the binding information to perform the login processing of the first client and return the login authentication result information. Through the process, the first client can be quickly logged in without inputting a user name and a password to the first client. And before the login authentication of the second client fails, the mobile client is always in a login state, so that the user can login the target system from the first client frequently and only needs to scan the two-dimensional code by using the mobile client directly during each login, and the method is very quick. Meanwhile, the security platform is added to serve as a link between the mobile device and the server, interaction between the mobile terminal and the server needs to pass through the security forwarding platform, and interaction between the mobile terminal and the server cannot be carried out directly, so that the server can be prevented from being exposed in an external network environment, and attacks on the server are reduced. Meanwhile, the security platform encrypts the request information for fast scanning login, so that potential safety hazards such as brute force attack and intrusion on the verification system after the scanning code is intercepted by an extranet person can be prevented.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic diagram of a system login interface according to an embodiment of the present invention;
fig. 2, 3, 4, 5a, 5b, and 6 are schematic diagrams illustrating two-dimensional code scanning, authentication, login interaction according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a mobile client according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a server structure according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of a security platform according to an embodiment of the present invention;
fig. 10 is a schematic diagram of an overall module according to an embodiment of the present invention.
Detailed Description
For convenience of understanding, the terms referred to in the present invention are explained as follows:
two-dimensional barcode/two-dimensional code (2-dimensional bar code): the two-dimensional bar code/two-dimensional code records data symbol information by using black and white figures which are distributed on a plane (in a two-dimensional direction) according to a certain rule by using a certain specific geometric figure. The concept of "0" and "1" bit stream forming the internal logic basis of computer is used ingeniously in coding, several geometric forms correspondent to binary system are used to represent literal numerical information, and can be automatically read by means of image input equipment or photoelectric scanning equipment so as to implement automatic information processing. It has some commonality of barcode technology: each code system has its specific character set; each character occupies a certain width; has certain checking function and the like. Meanwhile, the method also has the function of automatically identifying information of different rows and processing the graph rotation change points.
UID, User Identification and User identity Identification.
Two-dimensional code generator: software may be generated for the two-dimensional code. And inputting the information into a two-dimensional code generator to generate a corresponding two-dimensional code, and then storing and applying the two-dimensional code. The two-dimension code generator can be manufactured by a two-dimension code generating algorithm or a two-dimension code plug-in, and then compiling and calling software by using programming languages such as JAVA, C #, VB and the like.
The two-dimensional code generation algorithm is to combine the 0 and 1 digital matrixes forming the two-dimensional code, the information input into the two-dimensional code generator is different, the obtained 0 and 1 digital matrixes are also different in combination, and the generated two-dimensional code patterns are also different accordingly.
Two-dimensional code scanner: the mobile phone end software for realizing two-dimensional code scanning is driven based on a mobile phone camera, the two-dimensional code is read, and safe data interaction is formed between an interface and a server.
The two-dimensional code scanning authentication login method and the related device provided by the embodiment of the invention can realize that a computer client (which can be called as a first client) can quickly login to a target system (server).
The device comprises a first client, a second client, a server and a security platform.
Before the scheme provided by the embodiment of the invention is executed, the user needs to be registered in the target system (namely, the server) and knows the account number (user name) and the password of the user in the target system. The user has to download the APP of the target system to the mobile terminal in advance (the mobile terminal loading the APP may be called a second client or a mobile client). The mobile terminal may be a mobile phone, an IPDA, or other terminal with wireless communication capability.
The target system can be any system that the user wants to log in, such as an operation and maintenance account authority management and auditing system.
More specifically, the server needs to integrate a two-dimensional code generator, and the target system may further include a login information receiving processor, a rights management module, an audit log recording module, and the like.
The second client, namely the mobile client, may include a two-dimensional code scanner, a two-dimensional code verification module, a quick login module, a behavior heartbeat sensing module, a logout module, and the like.
The device related to the embodiment of the invention needs to go through the following sub-processes (parts) in the process of realizing the two-dimensional code scanning authentication login:
part 101: and generating the two-dimensional code.
Specifically, a user accesses the target system through the first client, the target system generates the two-dimensional code and returns the two-dimensional code to the first client, and the first client displays the two-dimensional code in the two-dimensional code display area of the system login interface. The two-dimensional code generated by the target system contains a random number (hereinafter referred to as UID) as the UID.
From the perspective of a client, please refer to fig. 1, taking an example that a user accesses an operation and maintenance account authority management and auditing system through a computer, the user may see a system login interface on a computer screen, and a two-dimensional code is displayed in a two-dimensional code display area of the system login interface.
Part 102: and (4) logging in and authenticating the mobile client.
The user performs login authentication of the mobile client using the registered account (user name) and password, and after success, the server (target system) returns login session information (which will be referred to as session information or session for short in the following).
And logging in the account which is successfully authenticated through the mobile client as the primary account. The login session information is associated with the primary account number. It should be noted that although the mobile terminal APP can log in to the target system, it does not have an operation authority for the target system database, and only has a function of implementing quick login (for example, two-dimensional code scanning).
Before the session fails, the mobile terminal APP is always in the login state.
The 101 part and the 102 part can be executed in parallel, or the 101 part is executed first and the 102 part is executed second, or the 102 part is executed first and the 101 part is executed later.
Part 103: quick login (also referred to as quick scan login).
Wherein, the mobile client scans 101 part of the displayed two-dimensional code and sends binding information to the security platform.
Specifically, the binding information includes the aforementioned UID and pre-stored user login information, and the user login information at least includes a user name (account) and login session information.
Part 104: and the safety platform processes and forwards information.
The secure platform is the only channel between the mobile terminal and the server. Thus, portion 104 includes both processing and forwarding of the aforementioned binding information and processing and forwarding of information (e.g., feedback information) from the server.
The above process is generally an encryption process. The mobile terminal or the server needs to perform corresponding decryption processing on the received data.
Of course, the mobile terminal or the server may encrypt the transmitted data.
The specific encryption and decryption methods may be implemented by the prior art, and are not described herein.
Part 105: the server performs a quick login process for the computer client (corresponding to section 103), and the server performs login authentication for the mobile client (corresponding to section 102).
Sections 104, 105 will be described later in connection with other sections.
It should be noted that, the parts 103 to 105 are not perceived by the user, and from the perspective of the user, the user scans the two-dimensional code using the mobile terminal, that is, the quick login of the computer client is realized, and during the period, the user name and the password are not required to be input at the computer client. And before the session fails or before the login authentication of the second client fails, the mobile terminal APP is always in the login state, so that the user can login the target system from the computer client frequently if the user needs to login the target system, and the user can directly use the mobile terminal to scan the two-dimensional code during each login, which is very quick.
In the following, how to perform data processing and transmission in the above parts of the mobile client, the security platform and the server will be described mainly from the perspective of the mobile client, the security platform and the server of the target system.
Fig. 2 generally represents information interaction between the mobile client, the secure platform and the server of the target system (server feedback information is not shown in fig. 2).
The foregoing will be described in detail.
Two-dimensional code generation part:
it should be noted that, the target system is integrated with the two-dimensional code generator, and each time the client browser (first client) requests to access the target system (generally, a system homepage), the target system calls the two-dimensional code generator to automatically generate the two-dimensional code and returns the two-dimensional code to the client browser, and the two-dimensional code is displayed in a two-dimensional code display area added to an original system login interface. The two-dimensional code may include a server-side identification in addition to the aforementioned UID. After being scanned, the server-side identification can be extracted.
And the UID and the server-side identification are used for login authentication of the first client.
The mobile client login authentication part:
referring to fig. 3, the login authentication of the mobile client includes:
s1021: the mobile client receives an account number (user name) and a password input by a user.
It should be noted that the password is not stored at the mobile phone end, and is only used for login authentication of the mobile client, and the password is not needed in subsequent quick scanning login, so as to prevent the password from being leaked.
S1022: the mobile client sends login authentication information to a target system (namely, a server) through the security platform.
The login authentication information may include an account number, a password, and an IMEI (international mobile equipment identity) input by the user.
S1023: a target system (server) performs login authentication for a mobile client;
s1024: the target system (server) returns login authentication result information.
The target system checks the account number, the password and even the mobile phone number, and after checking, login authentication result information is returned.
In order to distinguish from the login authentication result information in the subsequent shortcut login, 1024 parts of login authentication result information are referred to as second login authentication result information.
The second login authentication result information includes the following specific contents:
if the login authentication is successful (i.e. the aforementioned check is correct), the second login authentication result information includes information representing that the login authentication is successful and login session information.
If the login authentication fails (i.e. the aforementioned check is incorrect), the second login authentication result information includes information representing the login authentication failure and the reason for the failure.
Of course, the second login authentication result information is forwarded to the mobile client through the security platform.
S1025: and when the second login authentication result information comprises information representing successful login authentication, the mobile client prompts to set a graphic password.
The graphic password is a brand-new identity authentication technology, and is different from the traditional password, the graphic password uses a graphic as an authentication medium, and authentication is performed through clicking, identifying and reproducing the graphic by a user or interaction between the user and a graphic system, and is similar to pattern unlocking authentication.
S1026: the mobile client receives the graphical password information input by the user and sends the graphical password information to a target system (server) through the security platform.
In the following, it will be described how the target system uses the graphical password information for authentication.
In other embodiments of the present invention, after the mobile terminal APP logs in successfully, the target system initializes the user right corresponding to the account, and may also consider that the target system initializes the operation right of the user (at the computer client).
A quick login part:
referring to fig. 4, the shortcut login includes:
s1031: the mobile client scans the two-dimensional code which is displayed by the computer client and contains the UID.
S1032: and after judging that the two-dimensional code is valid, the mobile client extracts the information in the two-dimensional code.
For example, the UID and server-side identification in the two-dimensional code are extracted.
S1033: the mobile client prompts the user to enter a graphical password.
S1034: the mobile client receives a graphical password input by a user;
s1035: the mobile client verifies whether the graphical password input by the user is consistent with the prestored graphical password information.
The pre-stored graphic password information is the graphic password information input by the 1026 part of users.
This step is to determine whether the user is qualified to operate the mobile terminal for subsequent operations.
S1036: if the verification is passed, namely the graph password input by the user is consistent with the prestored graph password information, the mobile client generates binding information and sends the binding information to the security platform to wait for the feedback of the security platform.
The binding information includes the user name (account), login session information, server identifier, and IMEI (international mobile equipment identity, APP is automatically obtained from the mobile phone).
In other embodiments of the invention, the process may also be simplified, not requiring the user to enter a graphical password for authentication.
S1037: and the security platform encrypts the binding information.
Specifically, in the foregoing step S1024, the server side returns the information representing the successful login authentication and the login session information when the login authentication of the mobile client is successful. The security platform is also aware of the mobile client's main account number, login session information, and IMEI.
In this step, the security platform associates the primary account with the current session (login session information), UID, and IMEI, and performs AES encryption transmission. In the quick login process, once any one of the primary account number, login session information and IMEI is changed, the session is disconnected (or can be called as invalid). The purpose is to prevent that script injection is carried out to the server side after other scanning terminals analyze the two-dimensional code, and the bypassing risk is generated.
In addition, the security platform can also perform source IP verification on the binding information, and analyze and process (for example, encrypt) the received binding information after determining the binding information as a security IP.
The front end of the security platform is similar to a firewall and can carry out IP strategy verification (namely IP source verification) so as to prevent external network attack.
Certainly, the security platform may also perform source IP verification on all received information, and process and forward the information after determining that the information is a security IP.
S1038: and the security platform forwards the encrypted binding information to the target system to wait for feedback.
S1039: the target system (server) decrypts the binding information and performs login processing for the computer client using the decrypted binding information.
More specifically, the target system checks the account number, the UID, the server-side identifier, the login session information, and the IMEI in the binding information, and returns the first login authentication result information after checking.
More specifically, after the server side decrypts, the survivability of the session corresponding to the login session information is checked firstly;
if the login session information is alive, comparing the main account related to the login session information with the account in the binding information to see whether the main account is consistent with the account in the binding information;
comparing the IMEI associated with the primary account with the IMEI number in the binding information;
and finally, verifying the two-dimensional code:
the method mainly comprises the steps of identifying whether the UID in the binding information is generated by the server or not, and verifying whether the server-side identification in the binding information is generated by the server or not.
And after all checks are correct, the quick login authentication is successful, otherwise, the quick login authentication fails.
S1040: and the target system (server) returns the first login authentication result information to the security platform.
The specific contents included in the first login authentication result information are as follows:
if the login authentication is successful (i.e. the aforementioned check is correct), the first login authentication result information includes information representing that the login authentication is successful.
If the login authentication fails (i.e. the aforementioned check is incorrect), the first login authentication result information includes information representing the login authentication failure and a failure reason.
S1041: and the security platform forwards the first login authentication result information to the mobile client.
The security platform may or may not encrypt the first login authentication result information.
S1042: and the mobile client prompts according to the first login authentication result.
More specifically, if the login authentication is successful, the mobile client prompts that the login authentication is successful.
If the login authentication fails, the mobile client prompts that the login authentication fails and displays the failure reason. In addition, the mobile client can jump to a scanning page to wait for secondary scanning authentication.
S1043: if the login authentication of the computer client is successful, the target system binds the initialized user authority with the account number and enters a system home page.
Therefore, in all the embodiments of the present invention, the security platform is added as a link between the mobile device and the server, and the interaction between the mobile terminal and the server must pass through the security forwarding platform, and the two platforms cannot interact directly, so that the server can be prevented from being exposed in an extranet environment, and attacks on the server can be reduced. Meanwhile, the security platform performs special change and encryption processing on the request information for fast scanning login, and can prevent potential safety hazards such as brute force attack and intrusion on the verification system after an extranet person intercepts the scanning code.
In other embodiments of the present invention, to ensure the security of the quick login, please refer to fig. 5a or fig. 5b (fig. 5b is a simple flow), the two-dimensional code scanning authentication login method may further include the following steps:
s201: if the mobile client is successfully logged in and authenticated, the target system records the operation time of the mobile phone (namely, starts a timer);
s202: the mobile client sends a user behavior request to a target system (server) in a heartbeat mode;
any operation (such as sliding a screen and opening an interface of the APP) performed by the user on the APP is sent to the target system by the mobile client in the form of heartbeat.
S203: the target system updates the handset operating time each time a heartbeat request (user action request) is received.
S204: if the mobile phone operation time is overtime (for example, no operation is performed on the mobile phone APP for more than three minutes), the target system sends a notification message to the mobile client (through the secure platform). Wherein the notification message is used to instruct the mobile client to jump to a graphical unlock page.
S205: and the mobile client jumps to the graph unlocking page.
At the same time, the mobile client may prompt the user to enter a graphical password.
S206: and the mobile client receives the graphical password input by the user and sends the graphical password to the target system through the security platform.
S207: the target system verifies whether the graphical password input by the user is consistent with the pre-stored graphical password information;
s208: if the two are consistent (namely the verification is successful), jumping to a system home page and updating the operation time of the mobile phone (meanwhile, informing the computer client to jump to the system home page); otherwise (verification fails), logging off the login authentication of the mobile client (logging off the login session information), and informing the mobile client that the login authentication fails or is overtime.
Alternatively, the target system may jump to a page before the timeout of the mobile phone operation time if the verification is successful.
For example, before the operation time of the mobile phone is over, the user performs an operation on the setting page, and after the verification in step 208 is successful, the user still jumps to the setting page.
Fig. 5a and 5b show the case of logoff.
S209: after receiving the logout notification, the mobile client clears the user login information stored in the application and quits the login state of the application (namely logging out).
Of course, the user may also actively select to log out, and the mobile client may also clear the user login information stored in the application and log out of the login state of the application.
In other embodiments of the present invention, after the operation time of the mobile phone is over, the target system may further start another timer to time, and if the graphic password from the mobile client is not received after the operation time is over, the target system will log out the login authentication of the mobile client (log out the login session information), and notify the mobile client that the login authentication is invalid.
For any reason, after the mobile client exits the login state, if the mobile client needs to perform the fast scan login operation, the login authentication of the mobile terminal needs to be performed again (for details, see the content shown in fig. 3), which has the advantage of preventing the non-mobile phone owner from achieving the fast login of the computer client to the target system through the mobile phone login after the mobile phone is lost.
In other embodiments of the present invention, the target system (server) in all the foregoing embodiments may also perform logging.
Specifically, the target system may log the login authentication of the mobile client, including a log record of the login authentication of the mobile client, a log record of logout, a log record of fast scan login, and a result of the login authentication and a reason for failure.
In addition, when the server interrupts the authentication due to the fact that the user does not operate the mobile phone for a long time, the target system can also record logs. Namely, the log record is carried out on the event that the login authentication of the client fails due to the overtime of the operation time of the mobile phone.
The target system may also maintain a log record (log content may include time, operations, etc.) of logging into the server via a quick scan. The server records the prompt response of the quick scanning login and the log of the login information and the result in detail. That is, the recorded content of the quick scanning login can include time, operation, various interactive information in the quick scanning login process, login authentication results, failure reasons and the like, so that problems can be conveniently discovered and summarized in the future.
FIG. 6 shows all the processes of normally logging in to the operation and maintenance account authority management and auditing system by scanning the two-dimension code.
In other embodiments of the present invention, the mobile client 700 is claimed in the embodiments of the present invention, please refer to fig. 7, which may include a fast login module 701, a two-dimension code scanning module 702, and a two-dimension code verification module 703, wherein:
the two-dimensional code scanning module 702 is configured to: after the mobile client passes the login authentication of the target system, scanning the two-dimensional code which is displayed by the first client and contains the user identification UID, and outputting the two-dimensional code to the two-dimensional code verification module 703;
for the related content of the two-dimensional code, please refer to the above description, which is not repeated herein.
The two-dimensional code verification module 703 is configured to determine whether the two-dimensional code output by the two-dimensional code scanning module 702 is valid, and extract the UID in the two-dimensional code after determining that the two-dimensional code is valid.
In addition, if the two-dimensional code comprises the server-side identification, the server-side identification can be extracted.
The quick login module 701 is configured to:
generating binding information, wherein the binding information comprises a UID (server-side identifier) extracted by the two-dimensional code verification module 703 and pre-stored user login information;
sending binding information to a security platform; the security platform encrypts the binding information and sends the encrypted binding information to the target system, and the binding information is used for the target system to log in the computer client and return first login authentication result information;
and receiving first login authentication result information forwarded by the security platform from the target system, and prompting according to the first login authentication result information.
More specifically, after passing the login authentication of the target system, the fast login module 701 may invoke the two-dimensional code scanning module 702 to scan the two-dimensional code displayed by the computer client and including the UID, and invoke the two-dimensional code verification module 703 to determine whether the two-dimensional code is valid, and extract information in the two-dimensional code after determining that the two-dimensional code is valid.
The two-dimensional code scanning module 702 may be mobile phone end software that implements two-dimensional code scanning based on a mobile phone camera driver, and in addition, the two-dimensional code scanning module 702 and the two-dimensional code verification module 703 may also be combined into one module.
More specifically, the shortcut logging module 701 can execute the sections 1021, 1022, 1025 and 1026 shown in fig. 3, 4 and 5a, and the sections 1033 and 1036 and 1042 shown in fig. 4. In addition, the quick login module 701 may also perform portions 202, 205, 206, 209 shown in FIG. 5a (portion 209 may also be performed by a separate logout module), and/or other processes described herein with respect to quick login.
In addition, the mobile client may further include a behavior heartbeat sensing module, configured to send a user behavior request to a target system (server) in a heartbeat manner, for specific content, please refer to the foregoing description herein, which is not described herein again.
In other embodiments of the present invention, the embodiments of the present invention claim a server, please refer to fig. 8, which at least includes a two-dimensional code generator 801 and a login information receiving processor 802.
In addition, in other embodiments of the present invention, the server may further include a rights management module, an audit log recording module, and the like.
The two-dimensional code generator 801 is used for generating a two-dimensional code containing a User Identification (UID) when a first client accesses the two-dimensional code;
the login information reception processor 802 is configured to:
returning the two-dimension code to the computer client;
and receiving the binding information, wherein the binding information is generated by the mobile client and is encrypted and forwarded by the security platform, and the content related to the binding information is referred to the aforementioned record herein and is not described herein again.
Decrypting the binding information;
and using the decrypted binding information to perform login processing aiming at the computer client and returning login authentication result information to the security platform.
The login information reception processor 802 may invoke the two-dimensional code generator 801 to generate a two-dimensional code when accessed by the first client.
Further, the login information receiving processor 802 may execute the 1023 and 1024 parts shown in fig. 3, 4 and 5a, and the 1039, 1040 and 1043 parts shown in fig. 4. In addition, the login information reception processor 802 may also perform portions 201, 203, 204, 207, 208 shown in fig. 5a, and/or other processes described herein with respect to mobile client login authentication or short-cut login.
The two-dimensional code generator 801 may perform the two-dimensional code generation process described earlier in this application.
The rights management module may perform the process of initializing user rights and binding user rights as described above in this application.
The audit logging module may perform all of the processes described earlier in this application relating to logging.
In addition, the embodiment of the present invention also requires protection of a security platform, please refer to fig. 9, where the security platform 900 may include a first receiving module 901, a second receiving module 902, a first forwarding module 903, and a second forwarding module 904, where:
the first receiving module 901 is configured to receive the binding information sent by the mobile client and output the binding information to the encryption forwarding module;
for the related content of the binding information, please refer to the above description, which is not repeated herein.
The first forwarding module 903 is configured to:
encrypting the binding information, and forwarding the encrypted binding information to a target system so that the target system decrypts the received binding information, performs login processing of a first client by using the decrypted binding information, and returns login authentication result information;
the second receiving module 902 is configured to receive login authentication result information returned by the target system, and output the login authentication result information to the second forwarding module 904;
the second forwarding module 904 is configured to forward the login authentication result information to the mobile client.
The first receiving module 901 and the second receiving module 902 may be combined into one receiving module, and the first forwarding module 903 and the second forwarding module 904 may be combined into one forwarding module.
The receiving module may be configured to perform all processes described earlier herein relating to the receipt of information by the secure platform and the forwarding module may be configured to perform all processes described earlier herein relating to the forwarding (including encryption) of information by the secure platform.
Fig. 10 shows an overall block diagram.
In summary, the technical solution of the present invention has the following advantages:
(1) and the expandability supports seamless connection and expansion with various system login portals.
(2) The scanning end is prevented from being lost, and the heartbeat detection triggers the graphical coded lock, so that serious consequences caused by the loss of the mobile phone can be prevented.
(3) Independent of security, the independent security verification forwarding platform avoids the traditional direct interaction with the server, reduces the pressure of the server, prevents attack means such as information stealing and brute force attack and the like, and ensures the security and high concurrent accessibility of the system.
(4) And the whole audit is recorded, so that problems can be found and information statistics can be facilitated in the future.
(5) The user authority is initialized, the user authority can be initialized after the mobile phone logs in the system for authentication, the user does not need to initialize the user authority after quickly scanning and logging in the system, the previously initialized authority is directly passed through the user and enters a system home page, the time required for initializing the user authority after logging in is reduced, the system efficiency is improved, and the user experience is improved.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In summary, this summary should not be construed to limit the present invention.
Claims (14)
1. A two-dimensional code scanning authentication login method is characterized by comprising the following steps:
the second client which passes the target system login authentication scans the two-dimensional code which is displayed by the first client and contains the user identification UID; the two-dimension code is generated by the target system when the first client accesses the target system and is returned to the first client, and the two-dimension code is displayed in a two-dimension code display area of a system login interface by the first client; the second client is a mobile client;
after judging that the two-dimensional code is valid, the second client extracts the UID in the two-dimensional code;
the second client generates binding information, wherein the binding information at least comprises the UID, a main account of the mobile client, login session information, a server side identifier and an international mobile equipment identity code IMEI;
the second client sends the binding information to a security platform so that the security platform can encrypt the binding information and forward the binding information to the target system, and the target system decrypts the received binding information and verifies the survivability of the session corresponding to the login session information; if the login session information is alive, comparing the main account related to the login session information with the account in the binding information, and determining whether the main account is consistent with the account in the binding information; comparing the IMEI associated with the primary account with the IMEI number in the binding information, and determining whether the IMEI number is consistent with the primary account; identifying whether the UID in the binding information is generated by the server or not, verifying whether the server-side identification in the binding information is generated by the server or not, after the process is checked to be correct, performing login processing of the first client side by using the binding information after decryption processing, and returning login authentication result information;
the second client receives login authentication result information forwarded by the security platform and from the target system, and prompts according to the login authentication result information;
the security platform is a unique channel between the mobile terminal and the server;
in the process of quick login, once any one of the primary account number, the login session information and the IMEI is changed, the session is disconnected.
2. The method of claim 1, further comprising:
after the target system is logged in and authenticated, the second client sends a user behavior request to the target system in a heartbeat mode; and the user behavior request is used for updating the mobile phone operation time by the target system.
3. The method of claim 2, further comprising:
the second client receives a notification message which is from the target system and is forwarded through the security platform, wherein the notification message is used for indicating the second client to jump to a graph unlocking page; the notification message is sent by the target system after the operation time of the mobile phone is overtime;
the second client jumps to a graph unlocking page;
the second client receives the graphical password input by the user and sends the graphical password to the target system through the security platform, so that the target system can verify whether the graphical password input by the user is consistent with the pre-stored graphical password information, and if so, the second client skips to a system home page and updates the mobile phone operation time; and if not, logging out the login authentication of the second client, and informing the second client that the login authentication is invalid.
4. A two-dimensional code scanning authentication login method is characterized by comprising the following steps:
the target system generates and returns a two-dimensional code containing a user identification UID when a first client accesses the target system, so that the first client can conveniently display the two-dimensional code in a two-dimensional code display area of a system login interface;
the target system receives binding information, the binding information is generated by a second client which passes login authentication and is encrypted and forwarded by a security platform, and the binding information at least comprises the UID, a main account of the mobile client, login session information, a server-side identifier and an international mobile equipment identity code IMEI; the second client is a mobile client;
the target system decrypts the binding information and verifies the survivability of the session corresponding to the login session information; if the login session information is alive, comparing the main account related to the login session information with the account in the binding information, and determining whether the main account is consistent with the account in the binding information; comparing the IMEI associated with the primary account with the IMEI number in the binding information, and determining whether the IMEI number is consistent with the primary account; identifying whether the UID in the binding information is generated by the server or not, verifying whether the server-side identification in the binding information is generated by the server or not, after the process is checked to be correct, performing login processing on the first client side by using the decrypted binding information, and returning login authentication result information to the security platform, wherein the login authentication result information is forwarded to the second client side through the security platform so that the second client side can prompt according to the login authentication result information;
the security platform is a unique channel between the mobile terminal and the server;
in the process of quick login, once any one of the primary account number, the login session information and the IMEI is changed, the session is disconnected.
5. The method of claim 4, wherein the user login information in the binding information includes login session information returned by the target system to the second client via login authentication of the target system at the second client.
6. The method of claim 5, wherein after the second client login authentication is successful, further comprising: and the target system initializes the user authority corresponding to the account.
7. The method of claim 6, wherein if the first client login authentication is successful, further comprising: and the target system binds the initialized user authority with the account number and enters a system home page.
8. The method of claim 7, further comprising:
the target system records the operation time of the mobile phone;
the target system receives a user behavior request which is from the second client and forwarded by the security platform, wherein the user behavior request is in a heartbeat form;
the target system updates the mobile phone operation time according to the user behavior request;
if the mobile phone operation time is overtime, the target system sends a notification message to the second client, and the notification message is used for indicating the second client to jump to a graph unlocking page;
the target system receives the graphic password forwarded by the security platform and from the second client;
the target system verifies whether the received graphic password is consistent with the prestored graphic password information, and if so, jumps to a system home page and updates the mobile phone operation time; and if not, logging out the login authentication of the second client, and informing the second client that the login authentication is invalid.
9. The method of any one of claims 4-8, further comprising: and the target system performs log recording.
10. The utility model provides a mobile client, its characterized in that, includes swift login module, two-dimensional code scanning module and two-dimensional code verification module, wherein:
the two-dimensional code scanning module is used for: after the mobile client passes the login authentication of a target system, scanning a two-dimensional code which is displayed by a first client and contains a User Identification (UID), and outputting the two-dimensional code to the two-dimensional code verification module; the two-dimensional code is generated by the target system when the first client accesses the target system and is returned to the first client;
the two-dimensional code verification module is used for judging whether the two-dimensional code output by the two-dimensional code scanning module is valid or not, and extracting the UID in the two-dimensional code after the two-dimensional code is judged to be valid;
the quick login module is used for:
generating binding information, wherein the binding information at least comprises the UID, a main account of the mobile client, login session information, a server side identifier and an international mobile equipment identity code IMEI;
sending the binding information to a security platform; the security platform encrypts the binding information and sends the encrypted binding information to the target system, and the target system decrypts the received binding information and verifies the survivability of the session corresponding to the login session information; if the login session information is alive, comparing the main account related to the login session information with the account in the binding information, and determining whether the main account is consistent with the account in the binding information; comparing the IMEI associated with the primary account with the IMEI number in the binding information, and determining whether the IMEI number is consistent with the primary account; identifying whether the UID in the binding information is generated by the server or not, verifying whether the server-side identification in the binding information is generated by the server or not, after the process is checked to be correct, performing login processing of the first client side by using the binding information after decryption processing, and returning login authentication result information;
receiving login authentication result information forwarded by the security platform from the target system, and prompting according to the login authentication result information;
the security platform is a unique channel between the mobile terminal and the server;
in the process of quick login, once any one of the primary account number, the login session information and the IMEI is changed, the session is disconnected.
11. The mobile client of claim 10, further comprising: the behavior heartbeat sensing module is used for sending a user behavior request to the target system in a heartbeat mode; and the user behavior request is used for updating the mobile phone operation time by the target system.
12. The mobile client of claim 11, wherein the quick login module is further to:
receiving a notification message from the target system and forwarded by the security platform, wherein the notification message is used for indicating to jump to a graphical unlocking page; the notification message is sent by the target system after the operation time of the mobile phone is overtime;
skipping to a graphic unlocking page;
receiving a graphic password input by a user, and sending the graphic password to the target system through the security platform so that the target system can verify whether the graphic password input by the user is consistent with the pre-stored graphic password information, and if so, jumping to a system home page and updating the mobile phone operation time; otherwise, logging off the login authentication of the mobile client, and informing the mobile client that the login authentication is invalid.
13. A safety platform is characterized by comprising a first receiving module, a second receiving module, a first forwarding module and a second forwarding module, wherein:
the first receiving module is used for receiving the binding information sent by the mobile client and outputting the binding information to the encryption forwarding module; the binding information at least comprises a UID, a main account of the mobile client, login session information, a server side identifier and an international mobile equipment identity code IMEI; the UID is extracted from the scanned two-dimensional code by scanning the two-dimensional code displayed by the first client after the mobile client passes the login authentication of the target system; the two-dimensional code is generated by the target system when the first client accesses the target system and is returned to the first client;
the first forwarding module is configured to:
encrypting the binding information, and forwarding the encrypted binding information to the target system, so that the target system can verify the survivability of the session corresponding to the login session information after decrypting the received binding information; if the login session information is alive, comparing the main account related to the login session information with the account in the binding information, and determining whether the main account is consistent with the account in the binding information; comparing the IMEI associated with the primary account with the IMEI number in the binding information, and determining whether the IMEI number is consistent with the primary account; identifying whether the UID in the binding information is generated by the server or not, verifying whether the server-side identification in the binding information is generated by the server or not, after the process is checked to be correct, performing login processing of the first client side by using the binding information after decryption processing, and returning login authentication result information;
the second receiving module is used for receiving login authentication result information returned by the target system and outputting the login authentication result information to the second forwarding module;
the second forwarding module is used for forwarding the login authentication result information to the mobile client;
the security platform is a unique channel between the mobile terminal and the server;
in the process of quick login, once any one of the primary account number, the login session information and the IMEI is changed, the session is disconnected.
14. A server, comprising a two-dimensional code generator and a login information receiving processor, wherein,
the two-dimensional code generator is used for: when a first client accesses, generating a two-dimensional code containing a user identification UID;
the login information receiving processor is configured to:
returning the two-dimension code to the first client;
receiving binding information, wherein the binding information is generated by a second client which passes login authentication and is encrypted and forwarded by a security platform, and the binding information at least comprises the UID, a main account of the mobile client, login session information, a server side identifier and an international mobile equipment identity code IMEI; the second client is a mobile client;
decrypting the binding information; verifying the survivability of the session corresponding to the login session information; if the login session information is alive, comparing the main account related to the login session information with the account in the binding information, and determining whether the main account is consistent with the account in the binding information; comparing the IMEI associated with the primary account with the IMEI number in the binding information, and determining whether the IMEI number is consistent with the primary account; identifying whether the UID in the binding information is generated by the server or not, verifying whether the server-side identification in the binding information is generated by the server or not, after the process is checked to be correct, performing login processing on the first client side by using the decrypted binding information, and returning login authentication result information to the security platform, wherein the login authentication result information is forwarded to the second client side through the security platform, and the second client side prompts according to the login authentication result information;
the security platform is a unique channel between the mobile terminal and the server;
in the process of quick login, once any one of the primary account number, the login session information and the IMEI is changed, the session is disconnected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511031980.2A CN106936803B (en) | 2015-12-31 | 2015-12-31 | Two-dimensional code scanning authentication login method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511031980.2A CN106936803B (en) | 2015-12-31 | 2015-12-31 | Two-dimensional code scanning authentication login method and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106936803A CN106936803A (en) | 2017-07-07 |
| CN106936803B true CN106936803B (en) | 2020-12-29 |
Family
ID=59444608
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511031980.2A Active CN106936803B (en) | 2015-12-31 | 2015-12-31 | Two-dimensional code scanning authentication login method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106936803B (en) |
Families Citing this family (24)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107797900A (en) * | 2017-10-19 | 2018-03-13 | 广东小天才科技有限公司 | A kind of application message display methods and service equipment |
| CN107580002B (en) * | 2017-10-24 | 2020-03-13 | 杭州安恒信息技术股份有限公司 | Double-factor authentication security manager login system and method |
| CN108133165A (en) * | 2018-01-16 | 2018-06-08 | 深圳市爱克信智能股份有限公司 | A kind of Quick Response Code card reader encryption method |
| CN108920935A (en) * | 2018-06-21 | 2018-11-30 | 成都安恒信息技术有限公司 | A kind of verifying and formation gathering method automatically |
| CN109214166B (en) * | 2018-08-20 | 2020-10-27 | 创新先进技术有限公司 | Intelligent device authorization control method and system |
| CN109635887B (en) * | 2018-11-12 | 2022-01-18 | 武汉科技大学 | Lost article finding method, device and system |
| CN109902472A (en) * | 2019-02-25 | 2019-06-18 | 山东浪潮通软信息科技有限公司 | A method of personal information certification is extracted based on two dimensional code and wechat small routine |
| CN109995521A (en) * | 2019-03-06 | 2019-07-09 | 湖北省广播电视信息网络股份有限公司 | Login method and Web TV login system based on graphic code |
| CN110598391A (en) * | 2019-08-09 | 2019-12-20 | 江苏省高速公路经营管理中心 | Financial expense pneumatic control system that electron signature and two-dimensional code combine |
| CN111125668A (en) * | 2019-09-30 | 2020-05-08 | 武汉信安珞珈科技有限公司 | Method and system for enhancing login security of Linux operating system based on mobile terminal |
| CN110995416A (en) * | 2019-10-12 | 2020-04-10 | 武汉信安珞珈科技有限公司 | Method for associating mobile terminal with client |
| CN111193708A (en) * | 2019-11-29 | 2020-05-22 | 云深互联(北京)科技有限公司 | Code scanning login method and device based on enterprise browser |
| CN111556073A (en) * | 2020-05-13 | 2020-08-18 | 西安万像电子科技有限公司 | Authentication method and system |
| CN111651746B (en) * | 2020-06-01 | 2023-03-10 | 支付宝(杭州)信息技术有限公司 | Login data processing method, device, equipment and system |
| CN113920616B (en) * | 2020-06-24 | 2023-08-08 | 广州汽车集团股份有限公司 | Method for safely connecting vehicle with Bluetooth key, bluetooth module and Bluetooth key |
| CN114442872B (en) * | 2020-10-19 | 2023-10-27 | 聚好看科技股份有限公司 | Layout and interaction method of virtual user interface and three-dimensional display equipment |
| CN112948800B (en) * | 2021-02-26 | 2024-04-12 | 北京北大千方科技有限公司 | Two-dimensional code log-in annunciator management platform method, device, equipment and medium |
| CN113312535B (en) * | 2021-05-28 | 2023-02-24 | 中铁十一局集团第五工程有限公司 | Engineering survey intelligent management control cloud platform |
| CN113627208B (en) * | 2021-08-17 | 2024-04-05 | 上海源慧信息科技股份有限公司 | Code scanning login early warning method and device, computer equipment and storage medium |
| CN113760436B (en) * | 2021-09-08 | 2022-07-26 | 江苏太湖慧云数据系统有限公司 | Cloud host remote login system and method based on two-dimensional code |
| CN114422233B (en) * | 2022-01-17 | 2023-01-13 | 中国科学院软件研究所 | Login method and system for private equipment |
| CN115296867A (en) * | 2022-07-20 | 2022-11-04 | 厦门护卫云信息技术有限公司 | Secondary identity authentication method and system for server |
| CN116962078A (en) * | 2023-09-19 | 2023-10-27 | 成都运荔枝科技有限公司 | Web system login management and control system based on browser plug-in |
| CN117118757B (en) * | 2023-10-24 | 2024-01-09 | 长扬科技(北京)股份有限公司 | Terminal login method, device, equipment and medium in industrial control environment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102769628A (en) * | 2012-07-27 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Page login method and server |
| CN103001973A (en) * | 2012-12-26 | 2013-03-27 | 百度在线网络技术(北京)有限公司 | Method, system and device used for controlling login and based on two-dimensional code |
| CN103023652A (en) * | 2012-12-07 | 2013-04-03 | 康佳集团股份有限公司 | Status identification method and system through bar code based on mobile terminal |
| CN103906052A (en) * | 2012-12-26 | 2014-07-02 | 中国移动通信集团公司 | Mobile terminal authentication method, service access method and equipment |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110219427A1 (en) * | 2010-03-04 | 2011-09-08 | RSSBus, Inc. | Smart Device User Authentication |
-
2015
- 2015-12-31 CN CN201511031980.2A patent/CN106936803B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102769628A (en) * | 2012-07-27 | 2012-11-07 | 腾讯科技(深圳)有限公司 | Page login method and server |
| CN103023652A (en) * | 2012-12-07 | 2013-04-03 | 康佳集团股份有限公司 | Status identification method and system through bar code based on mobile terminal |
| CN103001973A (en) * | 2012-12-26 | 2013-03-27 | 百度在线网络技术(北京)有限公司 | Method, system and device used for controlling login and based on two-dimensional code |
| CN103906052A (en) * | 2012-12-26 | 2014-07-02 | 中国移动通信集团公司 | Mobile terminal authentication method, service access method and equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106936803A (en) | 2017-07-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106936803B (en) | Two-dimensional code scanning authentication login method and related device | |
| US10191457B2 (en) | Automatic portable electronic device configuration | |
| Huang et al. | Using one-time passwords to prevent password phishing attacks | |
| US9887999B2 (en) | Login method and apparatus | |
| US20220191016A1 (en) | Methods, apparatuses, and computer program products for frictionless electronic signature management | |
| US10491587B2 (en) | Method and device for information system access authentication | |
| EP2901616B1 (en) | Method for mobile security context authentication | |
| EP2166697B1 (en) | Method and system for authenticating a user by means of a mobile device | |
| US9338164B1 (en) | Two-way authentication using two-dimensional codes | |
| US10445487B2 (en) | Methods and apparatus for authentication of joint account login | |
| CN111615105B (en) | Information providing and acquiring method, device and terminal | |
| KR101381789B1 (en) | Method for web service user authentication | |
| US20130347071A1 (en) | Method and system for granting access to a secured website | |
| Rizzo et al. | Practical padding oracle attacks | |
| CN111723889B (en) | Code scanning login method, graphic code display method, device, equipment and storage medium | |
| KR20130072790A (en) | User authentication system and method thereof | |
| CN112131564A (en) | Encrypted data communication method, apparatus, device, and medium | |
| US20220103545A1 (en) | Application security through deceptive authentication | |
| CN103036852B (en) | A kind of method and device realizing network entry | |
| CN109740319B (en) | Digital identity verification method and server | |
| CN104917755B (en) | A kind of login method based on mobile communication terminal and short message | |
| Joe et al. | Designing a novel two-tier authentication algorithm for web service architecture | |
| Ellahi et al. | Analyzing 2FA Phishing Attacks and Their Prevention Techniques | |
| CN115174181B (en) | Method, device, equipment and storage medium for realizing single sign-on | |
| JP7403430B2 (en) | Authentication device, authentication method and authentication program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |